From abeb2d6095ea77c133b8406006225f1633290bd5 Mon Sep 17 00:00:00 2001
From: Michal Sekletar
Date: Wed, 8 Nov 2023 18:03:01 +0100
Subject: [PATCH] Fix CVE-2023-38469
---
 .avahi.metadata | 1 +
 ...ect-overly-long-TXT-resource-records.patch | 46 +++++++++++++++++++
 avahi.spec | 6 ++-
 3 files changed, 52 insertions(+), 1 deletion(-)
 create mode 100644 .avahi.metadata
 create mode 100644 0001-core-reject-overly-long-TXT-resource-records.patch
diff --git a/.avahi.metadata b/.avahi.metadata
new file mode 100644
index 0000000..822e12a
--- /dev/null
+++ b/.avahi.metadata
@@ -0,0 +1 @@
+969a50ae18c8d8e2288435a75666dd076e69852a avahi-0.8.tar.gz
diff --git a/0001-core-reject-overly-long-TXT-resource-records.patch b/0001-core-reject-overly-long-TXT-resource-records.patch
new file mode 100644
index 0000000..946a531
--- /dev/null
+++ b/0001-core-reject-overly-long-TXT-resource-records.patch
@@ -0,0 +1,46 @@
+From a337a1ba7d15853fb56deef1f464529af6e3a1cf Mon Sep 17 00:00:00 2001
+From: Evgeny Vereshchagin
+Date: Mon, 23 Oct 2023 20:29:31 +0000
+Subject: [PATCH] core: reject overly long TXT resource records
+
+Closes https://github.com/lathiat/avahi/issues/455
+
+CVE-2023-38469
+---
+ avahi-core/rr.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/avahi-core/rr.c b/avahi-core/rr.c
+index 2bb8924..9c04ebb 100644
+--- a/avahi-core/rr.c
++++ b/avahi-core/rr.c
+@@ -32,6 +32,7 @@
+ #include
+ #include
+
++#include "dns.h"
+ #include "rr.h"
+ #include "log.h"
+ #include "util.h"
+@@ -689,11 +690,17 @@ int avahi_record_is_valid(AvahiRecord *r) {
+ case AVAHI_DNS_TYPE_TXT: {
+
+ AvahiStringList *strlst;
++ size_t used = 0;
+
+- for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next)
++ for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next) {
+ if (strlst->size > 255 || strlst->size <= 0)
+ return 0;
+
++ used += 1+strlst->size;
++ if (used > AVAHI_DNS_RDATA_MAX)
++ return 0;
++ }
++
+ return 1;
+ }
+ }
+--
+2.41.0
+
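Review bot: In the TXT branch of avahi_record_is_valid, the new `used += 1+strlst->size;` has no comment saying what the `1` stands for; it presumably accounts for the one-byte length prefix that precedes each TXT string in the serialized rdata, and a line such as `/* each string is written as a length octet plus its data */` above it would make the bound reviewable without reading the packet code. The arithmetic itself cannot wrap, since every `size` is limited to 255 before it is added and the running total is compared with `AVAHI_DNS_RDATA_MAX` on each iteration. The patch adds no test, so nothing pins the boundary of the `>` comparison; a case with a string list that serializes to exactly the limit and one that exceeds it by a byte would guard against regressions of CVE-2023-38469. The function starts and ends outside the hunk, so how callers treat the new 0 return cannot be checked from here.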
diff --git a/avahi.spec b/avahi.spec index 7b837df..2cd9214 100644 --- a/avahi.spec +++ b/avahi.spec @@ -48,7 +48,7 @@ Name: avahi Version: 0.8 -Release: 19%{?dist} +Release: 20%{?dist} Summary: Local network service discovery License: LGPLv2+ URL: http://avahi.org @@ -141,6 +141,7 @@ Patch17: 0001-core-make-sure-there-is-rdata-to-process-before-pars.patch Patch18: 0001-core-copy-resource-records-with-zero-length-rdata-pr.patch Patch19: 0001-core-extract-host-name-using-avahi_unescape_label.patch Patch20: 0001-core-return-errors-from-avahi_server_set_host_name-p.patch +Patch21: 0001-core-reject-overly-long-TXT-resource-records.patch ## downstream patches Patch100: avahi-0.6.30-mono-libdir.patch @@ -836,6 +837,9 @@ exit 0 %changelog +* Wed Nov 08 2023 Michal Sekletar - 0.8-20 +- Fix CVE-2023-38469 (RHEL-5637) + * Wed Nov 08 2023 Michal Sekletar - 0.8-19 - Fix CVE-2023-38471 (RHEL-5642)